User roles determine what you can see and do in vRealize Automation Cloud Assembly. Some roles are defined at the organization level, and some are specific to vRealize Automation Cloud Assembly.
User roles are defined for the organization in the vRealize Automation console by an organization owner. There are two types of roles, organization roles and service roles.
The organization roles are global and apply to all services in the organization. The organization-level roles are Organization owner or Organization Member role.
For more information about the organization roles, see Administering vRealize Automation.
The vRealize Automation Cloud Assembly service roles, which are service-specific permissions, are also assigned at the organization level in the console.
Cloud Assembly Service Roles
The vRealize Automation Cloud Assembly service roles determine what you can see and do in vRealize Automation Cloud Assembly. These service roles are defined in the console by an organization owner.
|Cloud Assembly Administrator||Must have read and write access to the entire user interface and API resources. This is the only user role that can see and do everything, including add cloud accounts, create new projects, and assign a project administrator.|
|Cloud Assembly User||A user who does not have the Cloud Assembly Administrator role.
In a vRealize Automation Cloud Assembly project, the administrator adds users to projects as project members. The administrator can also add a project administrator. The permission for these two roles are defined below.
|Cloud Assembly Viewer||A user who can see information but cannot create, update, or delete values. This is a read-only role.
Users with the viewer role can see the blueprints and deployments for all projects regardless of project membership or whether the project deployments are shared.
In addition to the service roles, vRealize Automation Cloud Assembly has project roles.
The project roles are defined in vRealize Automation Cloud Assembly and can vary between projects.
In the following tables, which tells you what the different service and project roles can see and do, remember that the service administrators have full permission on all areas of the user interface.
The descriptions of project roles will help you decide what permissions to give your users.
- Project administrators leverage the infrastructure that is created by the service administrator to ensure that their project members have the resources they need for their development work.
- Project members work within their projects to design and deploy blueprints.
- Project viewers are restricted to read-only access, except in a few cases where they can do non-destructive things like download blueprints.
|UI Context||Task||Cloud Assembly Administrator||Cloud Assembly Viewer||Cloud Assembly User
User must be a project administrator or member to see and do project-related tasks.
|Project Administrator||Project Member||Project Viewer|
|Access Cloud Assembly|
|Console||In the vRA console, you can see and open Cloud Assembly||Yes||Yes||Yes||Yes||Yes|
|See and open the Infrastructure tab||Yes||Yes||Yes||Yes||Yes|
|Configure - Projects||Create projects||Yes|
|Update, or delete values from project summary, users, provisioning, Kubernetes, integrations, and test project configurations.||Yes||Yes. Your projects|
|Add users and assign roles in projects.||Yes||Yes. Your projects.|
|View projects||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Configure - Cloud Zones||Create, update, or delete cloud zones||Yes|
|View cloud zones||Yes||Yes|
|Configure - Kubernetes Zones||Create, update, or delete Kubernetes zones||Yes|
|View Kubernetes zones||Yes||Yes|
|Configure - Flavors||Create, update, or delete flavors||Yes|
|Configure - Image Mappings||Create, update, or delete image mappings||Yes|
|View image mappings||Yes||Yes|
|Configure - Network Profiles||Create, update, or delete network profiles||Yes|
|View image network profiles||Yes||Yes|
|Configure - Storage Profiles||Create, update, or delete storage profiles||Yes|
|View image storage profiles||Yes||Yes|
|Configure - Pricing Cards||Create, update, or delete pricing cards||Yes|
|View the pricing cards||Yes||Yes|
|Configure - Tags||Create, update, or delete tags||Yes|
|Resources - Compute||Add tags to discovered compute resources||Yes|
|View discovered compute resources||Yes||Yes|
|Resources - Networks||Modify network tags, IP ranges, IP addresses||Yes|
|View discovered network resources||Yes||Yes|
|Resources - Security||Add tags to discovered security groups||Yes|
|View discovered security groups||Yes||Yes|
|Resources - Storage||Add tags to discovered storage||Yes|
|Resources - Machines||Add and delete machines||Yes|
|View machines||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Resources - Volumes||Delete discovered storage volumes||Yes|
|View discovered storage volumes||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects.|
|Resources - Kubernetes||Deploy or add Kubernetes clusters, and create or add namespaces||Yes|
|View Kubernetes clusters and namespaces||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Activity - Requests||Delete deployment request records||Yes|
|View deployment request records||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Activity - Event Logs||View event logs||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Connections - Cloud Accounts||Create, update, or delete cloud accounts||Yes|
|View cloud accounts||Yes||Yes|
|Connections - Integrations||Create, update, or delete integrations||Yes|
|Onboarding||Create, update, or delete onboarding plans||Yes|
|View onboarding plans||Yes||Yes||Yes. Your projects|
|See and open the Marketplace tab||Yes||Yes|
|Use the downloaded blueprints on the Design tab||Yes||Yes. If associated with your projects.||Yes. If associated with your projects.|
|Marketplace - Blueprints||Download a blueprint||Yes|
|View the blueprints||Yes||Yes|
|Marketplace - Images||Download images||Yes|
|Marketplace - Downloads||View the log of all downloaded items||Yes||Yes|
|See and open the Extensibility tab||Yes||Yes||Yes|
|Events||View extensibility events||Yes||Yes|
|Subscriptions||Create, update, or delete extensibility subscriptions||Yes|
|Library - Event topics||View event topics||Yes||Yes|
|Library - Actions||Create, update, or delete extensibility actions||Yes|
|View extensibility actions||Yes||Yes|
|Library - Workflows||View extensibility workflows||Yes||Yes|
|Activity - Action Runs||Cancel or delete extensibility action runs||Yes|
|View extensibility action runs||Yes||Yes||Yes. Your projects|
|Activity - Workflow Runs||View extensibility workflow runs||Yes||Yes|
|Design||Open the Design tab and see a list of blueprints||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Blueprints||Create, update, and delete blueprints||Yes||Yes. Your projects||Yes. Your projects|
|View blueprints||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Download blueprints||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Upload blueprints||Yes||Yes. Your projects||Yes. Your projects|
|Deploy blueprints||Yes||Yes. Your projects||Yes. Your projects|
|Version and restore blueprints||Yes||Yes. Your projects||Yes. Your projects|
|Release blueprints to the catalog||Yes||Yes. Your projects||Yes. Your projects|
|Custom Resources||Create, update or delete custom resources||Yes|
|View custom resources||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Custom Actions||Create, update, or delete custom actions||Yes|
|View custom actions||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|See and open the Deployments tab||Yes||Yes||Yes||Yes||Yes|
|View deployments, including deployment details, deployment history, and troubleshooting information.||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Run day 2 actions on deployments based on policies||Yes||Yes. Your projects||Yes. Your projects|